@@ -202,6 +202,7 @@ export DEBUGFS_PROG="`set_prog_path debugfs`"
export UUIDGEN_PROG="`set_prog_path uuidgen`"
export GETRICHACL_PROG="`set_prog_path getrichacl`"
export SETRICHACL_PROG="`set_prog_path setrichacl`"
+export KEYCTL_PROG="`set_prog_path keyctl`"
# use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
# newer systems have udevadm command but older systems like RHEL5 don't.
new file mode 100644
@@ -0,0 +1,146 @@
+#-----------------------------------------------------------------------
+#
+# Common functions for testing filesystem-level encryption
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# Author: Eric Biggers <ebiggers@google.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#-----------------------------------------------------------------------
+
+_require_scratch_encryption()
+{
+ _require_scratch
+
+ _require_xfs_io_command "set_encpolicy"
+
+ # The 'test_dummy_encryption' mount option interferes with trying to use
+ # encryption for real, even if we are just trying to get/set policies
+ # and never put any keys in the keyring. So skip the real encryption
+ # tests if the 'test_dummy_encryption' mount option was specified.
+ _exclude_scratch_mount_option "test_dummy_encryption"
+
+ # Make a filesystem on the scratch device with the encryption feature
+ # enabled. If this fails then probably the userspace tools (e.g.
+ # e2fsprogs or f2fs-tools) are too old to understand encryption.
+ if ! _scratch_mkfs_encrypted &>>$seqres.full; then
+ _notrun "$FSTYP userspace tools do not support encryption"
+ fi
+
+ # Try to mount the filesystem. If this fails then either the kernel
+ # isn't aware of encryption, or the mkfs options were not compatible
+ # with encryption (e.g. ext4 with block size != PAGE_SIZE).
+ if ! _scratch_mount &>>$seqres.full; then
+ _notrun "kernel is unaware of $FSTYP encryption feature," \
+ "or mkfs options are not compatible with encryption"
+ fi
+
+ # The kernel may be aware of encryption without supporting it. For
+ # example, for ext4 this is the case with kernels configured with
+ # CONFIG_EXT4_FS_ENCRYPTION=n. Detect support for encryption by trying
+ # to set an encryption policy. (For ext4 we could instead check for the
+ # presence of /sys/fs/ext4/features/encryption, but this is broken on
+ # some older kernels and is ext4-specific anyway.)
+ mkdir $SCRATCH_MNT/tmpdir
+ if $XFS_IO_PROG -c set_encpolicy $SCRATCH_MNT/tmpdir \
+ 2>&1 >>$seqres.full | \
+ egrep -q 'Inappropriate ioctl for device|Operation not supported'
+ then
+ _notrun "kernel does not support $FSTYP encryption"
+ fi
+ rmdir $SCRATCH_MNT/tmpdir
+ _scratch_unmount
+}
+
+_scratch_mkfs_encrypted()
+{
+ case $FSTYP in
+ ext4|f2fs)
+ _scratch_mkfs -O encrypt
+ ;;
+ *)
+ _notrun "No encryption support for $FSTYP"
+ ;;
+ esac
+}
+
+# Give the invoking shell a new session keyring. This makes any keys we add to
+# the session keyring scoped to the lifetime of the test script.
+_new_session_keyring()
+{
+ $KEYCTL_PROG new_session >>$seqres.full
+}
+
+#
+# Generate a random encryption key, add it to the session keyring, and print out
+# the resulting key descriptor (example: "8bf798e1a494e1ec"). Requires the
+# keyctl program. It's assumed the caller has already set up a test-scoped
+# session keyring using _new_session_keyring.
+#
+_generate_encryption_key()
+{
+ # Generate a key descriptor (16 character hex string)
+ local keydesc=""
+ for ((i = 0; i < 8; i++)); do
+ keydesc="${keydesc}$(printf "%02x" $(( $RANDOM % 256 )))"
+ done
+
+ # Generate the actual encryption key (64 bytes)
+ local raw=""
+ for ((i = 0; i < 64; i++)); do
+ raw="${raw}\\x$(printf "%02x" $(( $RANDOM % 256 )))"
+ done
+
+ #
+ # Add the key to the session keyring. The required structure is:
+ #
+ # #define FS_MAX_KEY_SIZE 64
+ # struct fscrypt_key {
+ # u32 mode;
+ # u8 raw[FS_MAX_KEY_SIZE];
+ # u32 size;
+ # } __packed;
+ #
+ # The kernel ignores 'mode' but requires that 'size' be 64.
+ #
+ # Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key
+ # descriptor hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6
+ # and later) also allow the common key prefix "fscrypt:" in addition to
+ # their filesystem-specific key prefix ("ext4:", "f2fs:"). It would be
+ # nice to use the common key prefix, but for now use the filesystem-
+ # specific prefix to make it possible to test older kernels...
+ #
+ local big_endian=$(echo -ne '\x11' | od -tx2 | head -1 | \
+ cut -f2 -d' ' | cut -c1 )
+ if (( big_endian )); then
+ local mode='\x00\x00\x00\x00'
+ local size='\x00\x00\x00\x40'
+ else
+ local mode='\x00\x00\x00\x00'
+ local size='\x40\x00\x00\x00'
+ fi
+ echo -n -e "${mode}${raw}${size}" |
+ $KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full
+ echo $keydesc
+}
+
+# Unlink an encryption key from the session keyring, given its key descriptor.
+_unlink_encryption_key()
+{
+ local keydesc=$1
+ local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc)
+ $KEYCTL_PROG unlink $keyid >>$seqres.full
+}